emacs22: CVE-2007-6109 buffer overflow in format function

Debian Bug report logs - #455432
emacs22: CVE-2007-6109 buffer overflow in format function

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: submit@bugs.debian.org

Subject: emacs22: CVE-2007-6109 buffer overflow in format function

Date: Mon, 10 Dec 2007 02:54:44 +0100

[Message part 1 (text/plain, inline)]

Package: emacs22
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for emacs22.

CVE-2007-6109[0]:
| Buffer overflow in emacs allows attackers to have an unknown impact,
| as demonstrated via a vector involving the command line.

You can find the upstream patch for this on:
http://cvs.savannah.gnu.org/viewvc/emacs/emacs/src/editfns.c?r1=1.439.2.3&r2=1.439.2.8

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Message #12 received at 455432@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 455432@bugs.debian.org

Subject: Re: emacs22: CVE-2007-6109 buffer overflow in format function

Date: Mon, 10 Dec 2007 17:51:52 +0100

[Message part 1 (text/plain, inline)]

Hi,
attached is a patch for an NMU to fix this issue.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/emacs22-22.1+1-2.1_22.1+1-2.2.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[emacs22-22.1+1-2.1_22.1+1-2.2.patch (text/x-diff, attachment)]

[Message part 3 (application/pgp-signature, inline)]

Message #17 received at 455432-close@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 455432-close@bugs.debian.org

Subject: Bug#455432: fixed in emacs22 22.1+1-2.2

Date: Tue, 11 Dec 2007 08:47:10 +0000

Source: emacs22
Source-Version: 22.1+1-2.2

We believe that the bug you reported is fixed in the latest version of
emacs22, which is due to be installed in the Debian FTP archive:

emacs22-bin-common_22.1+1-2.2_i386.deb
  to pool/main/e/emacs22/emacs22-bin-common_22.1+1-2.2_i386.deb
emacs22-common_22.1+1-2.2_all.deb
  to pool/main/e/emacs22/emacs22-common_22.1+1-2.2_all.deb
emacs22-el_22.1+1-2.2_all.deb
  to pool/main/e/emacs22/emacs22-el_22.1+1-2.2_all.deb
emacs22-gtk_22.1+1-2.2_i386.deb
  to pool/main/e/emacs22/emacs22-gtk_22.1+1-2.2_i386.deb
emacs22-nox_22.1+1-2.2_i386.deb
  to pool/main/e/emacs22/emacs22-nox_22.1+1-2.2_i386.deb
emacs22_22.1+1-2.2.diff.gz
  to pool/main/e/emacs22/emacs22_22.1+1-2.2.diff.gz
emacs22_22.1+1-2.2.dsc
  to pool/main/e/emacs22/emacs22_22.1+1-2.2.dsc
emacs22_22.1+1-2.2_i386.deb
  to pool/main/e/emacs22/emacs22_22.1+1-2.2_i386.deb
emacs_22.1+1-2.2_all.deb
  to pool/main/e/emacs22/emacs_22.1+1-2.2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 455432@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated emacs22 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 10 Dec 2007 16:42:03 +0100
Source: emacs22
Binary: emacs22-el emacs22-gtk emacs22-bin-common emacs22-nox emacs22 emacs22-common emacs
Architecture: source all i386
Version: 22.1+1-2.2
Distribution: unstable
Urgency: high
Maintainer: Rob Browning <rlb@defaultvalue.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 emacs      - The GNU Emacs editor (metapackage)
 emacs22    - The GNU Emacs editor
 emacs22-bin-common - The GNU Emacs editor's shared, architecture dependent files
 emacs22-common - The GNU Emacs editor's shared, architecture independent infrastru
 emacs22-el - GNU Emacs LISP (.el) files
 emacs22-gtk - The GNU Emacs editor (with GTK user interface)
 emacs22-nox - The GNU Emacs editor (without X support)
Closes: 455432
Changes: 
 emacs22 (22.1+1-2.2) unstable; urgency=high
 .
   * Non-maintainer upload by testing-security team.
   * This update addresses the following security issue:
     - CVE-2007-6109: A stack-based buffer overflow in the format function
       when dealing with high precision values could lead to arbitrary code
       execution.
       Added upstream patch (CVE-2007-6109.diff) to fix this (Closes: #455432).
Files: 
 9d1597c6705524cc8e86937588966230 937 editors optional emacs22_22.1+1-2.2.dsc
 975c9affc8edc1e692cd3facf53d6465 50897 editors optional emacs22_22.1+1-2.2.diff.gz
 ea3f82568947e9111c84ffe16615011e 18622 editors optional emacs_22.1+1-2.2_all.deb
 fa0d0e48585203b298a699b74b7e93c3 14345912 editors optional emacs22-common_22.1+1-2.2_all.deb
 21ced7224064a325d5327c99a7b3cf21 11186436 editors optional emacs22-el_22.1+1-2.2_all.deb
 c8b05bba9e837992deb881f9d83009c6 2567120 editors optional emacs22_22.1+1-2.2_i386.deb
 d0b8715e9a832bd2dc91b7db9b14da0e 2317862 editors optional emacs22-nox_22.1+1-2.2_i386.deb
 0fbccd8a1ca24c4217a809143af8e056 2562146 editors optional emacs22-gtk_22.1+1-2.2_i386.deb
 c1a6eb021c00576f15b3f6b595724646 162358 editors optional emacs22-bin-common_22.1+1-2.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHXkSxHYflSXNkfP8RAu6DAJ9td8SSQiGHvo8yb3T21yIJgJiJewCfQ6/o
jR9XN/JFTj/WOY13Uag7X8M=
=B7DN
-----END PGP SIGNATURE-----

Message #22 received at 455432-close@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 455432-close@bugs.debian.org

Subject: Bug#455432: fixed in emacs22 22.1+1-2.1+lenny1

Date: Tue, 11 Dec 2007 09:17:13 +0000

Source: emacs22
Source-Version: 22.1+1-2.1+lenny1

We believe that the bug you reported is fixed in the latest version of
emacs22, which is due to be installed in the Debian FTP archive:

emacs22-bin-common_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22-bin-common_22.1+1-2.1+lenny1_i386.deb
emacs22-common_22.1+1-2.1+lenny1_all.deb
  to pool/main/e/emacs22/emacs22-common_22.1+1-2.1+lenny1_all.deb
emacs22-el_22.1+1-2.1+lenny1_all.deb
  to pool/main/e/emacs22/emacs22-el_22.1+1-2.1+lenny1_all.deb
emacs22-gtk_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22-gtk_22.1+1-2.1+lenny1_i386.deb
emacs22-nox_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22-nox_22.1+1-2.1+lenny1_i386.deb
emacs22_22.1+1-2.1+lenny1.diff.gz
  to pool/main/e/emacs22/emacs22_22.1+1-2.1+lenny1.diff.gz
emacs22_22.1+1-2.1+lenny1.dsc
  to pool/main/e/emacs22/emacs22_22.1+1-2.1+lenny1.dsc
emacs22_22.1+1-2.1+lenny1_i386.deb
  to pool/main/e/emacs22/emacs22_22.1+1-2.1+lenny1_i386.deb
emacs_22.1+1-2.1+lenny1_all.deb
  to pool/main/e/emacs22/emacs_22.1+1-2.1+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 455432@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated emacs22 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 10 Dec 2007 16:42:03 +0100
Source: emacs22
Binary: emacs22-el emacs22-gtk emacs22-bin-common emacs22-nox emacs22 emacs22-common emacs
Architecture: source all i386
Version: 22.1+1-2.1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Rob Browning <rlb@defaultvalue.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 emacs      - The GNU Emacs editor (metapackage)
 emacs22    - The GNU Emacs editor
 emacs22-bin-common - The GNU Emacs editor's shared, architecture dependent files
 emacs22-common - The GNU Emacs editor's shared, architecture independent infrastru
 emacs22-el - GNU Emacs LISP (.el) files
 emacs22-gtk - The GNU Emacs editor (with GTK user interface)
 emacs22-nox - The GNU Emacs editor (without X support)
Closes: 455432
Changes: 
 emacs22 (22.1+1-2.1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing-security team.
   * This update addresses the following security issue:
     - CVE-2007-6109: A stack-based buffer overflow in the format function
       when dealing with high precision values could lead to arbitrary code
       execution.
       Added upstream patch (CVE-2007-6109.diff) to fix this (Closes: #455432).
Files: 
 eb4735cee3ae4b45de29082b55e6ce3d 951 editors optional emacs22_22.1+1-2.1+lenny1.dsc
 79f7f120a19e11a695dd1b601fd17ec4 49336 editors optional emacs22_22.1+1-2.1+lenny1.diff.gz
 11b96b2b7748f0a77bb6281ccb264fa9 18634 editors optional emacs_22.1+1-2.1+lenny1_all.deb
 3114aefa1694af6b60f66d52e2b00021 14348738 editors optional emacs22-common_22.1+1-2.1+lenny1_all.deb
 a4f0587e110182fc493f3115d3fd45b3 11186702 editors optional emacs22-el_22.1+1-2.1+lenny1_all.deb
 e818871e13c917d962cd4b4759e1ec85 2565234 editors optional emacs22_22.1+1-2.1+lenny1_i386.deb
 63822f5bb63b0f9297be68862411e02c 2318060 editors optional emacs22-nox_22.1+1-2.1+lenny1_i386.deb
 d3d5293251b736874e18c4424c65053e 2562370 editors optional emacs22-gtk_22.1+1-2.1+lenny1_i386.deb
 3fb6984e3aa7629706f71ee0f2a6ccaf 161260 editors optional emacs22-bin-common_22.1+1-2.1+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHXYidHYflSXNkfP8RArtNAJ44jwkC4MuHL5vBQs9Ijo4MLARp3wCfd3E/
vUGmXYUSooLycBcvJwL4YFU=
=KyiD
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.